The App separates responsibilities for creating AAD users and groups into two areas. The front office triggers the creation or editing of a user and assigns groups via the App. The back office (the AAD administrators) controls the steps and details needed to create the user or group.

Cloud Resources

The Web App uses several cloud resources.

Azure Web App, for the end user.
  Creates, edits, and deletes users and groups.
  Triggers Azure Automation runbooks.
  Collects user and group state via the AAD Graph API.

Azure Automation Runbook, maintained by administrators.
  Creates, edits, and deletes users or groups.
  Sends a notification mail with a temporary password.
  Logs activity to Azure Blob Storage.

Azure Blob Storage.
  Stores application and runbook log data.
  Stores temporary user and group data.

Azure Active Directory.
  Holds users and groups.
  Secures the Web App and the Azure Automation Runbook.
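As an added example (not the project's own runbook), the following Azure Automation PowerShell runbook shows the back-office step described above: it creates an AAD user with a random temporary password that must be changed at first sign-in, mails that password, and writes the action to Blob Storage without the password. The connection asset AzureRunAsConnection, the Automation variables StorageAccountName and StorageAccountKey, the credential SmtpCredential, the SMTP host smtp.example.org and the container runbook-logs are assumptions, as is that the AzureAD and Az.Storage modules are imported into the Automation account.

```powershell
# Added example, not the project's runbook. Assumed assets: AzureRunAsConnection,
# variables StorageAccountName/StorageAccountKey, credential SmtpCredential; modules AzureAD, Az.Storage.
param(
    [Parameter(Mandatory = $true)][string]$DisplayName,
    [Parameter(Mandatory = $true)][string]$UserPrincipalName,
    [Parameter(Mandatory = $true)][string]$MailNickName,
    [Parameter(Mandatory = $true)][string]$NotifyAddress   # where the temporary password is mailed
)

function New-TemporaryPassword {
    # 16 characters drawn from the cryptographic RNG; Get-Random is not suitable for secrets.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%&*?'
    $bytes = New-Object byte[] 16
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

# Sign in with the Automation account's Run As service principal (assumed connection asset).
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
Connect-AzureAD -TenantId $conn.TenantId -ApplicationId $conn.ApplicationId `
    -CertificateThumbprint $conn.CertificateThumbprint | Out-Null

# The temporary password is single-use: AAD forces a change at the first sign-in.
$tempPassword = New-TemporaryPassword
$pwProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$pwProfile.Password = $tempPassword
$pwProfile.ForceChangePasswordNextLogin = $true

$user = New-AzureADUser -DisplayName $DisplayName -UserPrincipalName $UserPrincipalName `
    -MailNickName $MailNickName -AccountEnabled $true -PasswordProfile $pwProfile

# The password goes to the notification mail only (assumed SMTP host and credential asset).
$smtp = Get-AutomationPSCredential -Name 'SmtpCredential'
Send-MailMessage -To $NotifyAddress -From $smtp.UserName -SmtpServer 'smtp.example.org' -UseSsl `
    -Credential $smtp -Subject "Account created: $UserPrincipalName" `
    -Body "Temporary password: $tempPassword (must be changed at first sign-in)"

# Write a JSON log entry to Blob Storage; the entry records who was created, never the password.
$entry = [pscustomobject]@{
    Time              = (Get-Date).ToUniversalTime().ToString('o')
    Action            = 'CreateUser'
    ObjectId          = $user.ObjectId
    UserPrincipalName = $user.UserPrincipalName
} | ConvertTo-Json -Compress
$logFile = Join-Path $env:TEMP ("createuser-{0}.json" -f $user.ObjectId)
Set-Content -Path $logFile -Value $entry
$ctx = New-AzStorageContext -StorageAccountName (Get-AutomationVariable -Name 'StorageAccountName') `
    -StorageAccountKey (Get-AutomationVariable -Name 'StorageAccountKey')
Set-AzStorageBlobContent -File $logFile -Container 'runbook-logs' -Blob (Split-Path $logFile -Leaf) -Context $ctx | Out-Null
```

Keeping the password out of the log entry matters because the blob container is readable by whoever reads the application logs, a wider audience than the user receiving the mail.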

All Azure resources are created via ARM templates, except AAD and its settings. These settings are the registration of the Web App and the initial group configuration. See the RBAC model for Azure AD.